Mapped to NIST 800-171 Requirement: 3.1.22
CMMC Assessment Objective: AC.L2-3.1.22[c]
What This Objective Means
This is the technical enforcement check for system use notifications. Assessors want to see that your systems:
• Display a warning or login banner before credentials are entered
• Include the required language about authorized use, monitoring, and consent
• Apply the notice consistently across relevant platforms (e.g., workstations, VPNs, cloud portals)
It’s not enough to have banners appear after login or buried in user documentation—they must be displayed before access is granted.
Why It Matters
System use notifications:
• Establish legal grounds for system monitoring
• Warn users of acceptable use requirements
• Provide an opportunity to stop unauthorized access attempts
Without a pre-login banner, you may be operating without valid user consent to monitor system activity.
How to Implement It
• Configure system banners using:
◦ Group Policy (Windows): “Interactive logon: Message title/text”
◦ SSH or Linux-based banners via /etc/issue or /etc/motd
◦ Web portals or VPNs: Login screen banners or disclaimers
• Standardize language across systems using approved message templates
• Test behavior to confirm that:
◦ The message appears before login credentials are entered
◦ Users must acknowledge or proceed through the banner to continue
Evidence the Assessor Will Look For
• Screenshots or video captures showing banner display on login screens
• Configuration files (e.g., GPOs, SSH settings) that define banner content
• Testing logs or documentation showing when and where banners appear
• Internal audits validating that banners are applied consistently
Common Gaps
• Login banners configured to appear only after access is granted
• Missing or inconsistent banner deployment across systems
• Banner text fails to include monitoring or consent language
How Cuick Trac Helps
Cuick Trac supports this control by:
• Enforcing system use notifications across all access points
• Ensuring banners are shown before login—no exceptions
• Providing pre-configured, CMMC-compliant language
• Helping you document system behavior and enforcement for audit readiness
With Cuick Trac, every session begins with user awareness—and your compliance starts before login.
Final CTA
A login banner that comes after login isn’t doing its job.
Schedule a Cuick Trac demo and make sure your system messages appear exactly where and when they’re needed.